]>
Commit | Line | Data |
---|---|---|
848af5e8 RL |
1 | # libcommon.a Contains common building blocks and other routines, |
2 | # potentially needed by any of our providers. | |
3 | # | |
4 | # libfips.a Contains all algorithm implementations that should | |
5 | # go in the FIPS provider. The compilations for this | |
6 | # library are all done with FIPS_MODULE defined. | |
7 | # | |
8 | # liblegacy.a Contains all algorithm implementations that should | |
9 | # go into the legacy provider. The compilations for | |
10 | # this library are all done with STATIC_LEGACY defined. | |
11 | # | |
12 | # libdefault.a Contains all algorithm implementations that should | |
13 | # into the default or base provider. | |
14 | # | |
15 | # To be noted is that the FIPS provider shares source code with libcrypto, | |
16 | # which means that select source files from crypto/ are compiled for | |
17 | # libfips.a the sources from providers/implementations. | |
18 | # | |
19 | # This is how a provider module should be linked: | |
20 | # | |
21 | # -o {modulename}.so {object files...} lib{modulename}.a libcommon.a | |
22 | # | |
23 | # It is crucial that code that checks the FIPS_MODULE macro ends up in | |
24 | # libfips.a. | |
25 | # It is crucial that code that checks the STATIC_LEGACY macro ends up in | |
26 | # liblegacy.a. | |
27 | # It is recommended that code that is written for libcommon.a doesn't end | |
28 | # up depending on libfips.a, liblegacy.a or libdefault.a | |
29 | # | |
30 | # Code in providers/implementations/ should be written in such a way that | |
31 | # the OSSL_DISPATCH arrays (and preferably the majority of the actual code) | |
32 | # end up in either libfips.a, liblegacy.a or libdefault.a. | |
dec95d75 | 33 | |
600703f4 | 34 | SUBDIRS=common implementations |
9efa0ae0 | 35 | |
16da72a8 MC |
36 | INCLUDE[../libcrypto]=common/include |
37 | ||
dec95d75 RL |
38 | # Libraries we're dealing with |
39 | $LIBCOMMON=libcommon.a | |
dec95d75 | 40 | $LIBFIPS=libfips.a |
848af5e8 RL |
41 | $LIBLEGACY=liblegacy.a |
42 | $LIBDEFAULT=libdefault.a | |
43 | LIBS{noinst}=$LIBDEFAULT $LIBCOMMON | |
dec95d75 RL |
44 | |
45 | # Enough of our implementations include prov/ciphercommon.h (present in | |
cc731bc3 | 46 | # providers/implementations/include), which includes crypto/*_platform.h |
dec95d75 RL |
47 | # (present in include), which in turn may include very internal header |
48 | # files in crypto/, so let's have a common include list for them all. | |
68a51d59 | 49 | $COMMON_INCLUDES=../crypto ../include implementations/include common/include |
dec95d75 RL |
50 | |
51 | INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES | |
dec95d75 | 52 | INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES |
848af5e8 RL |
53 | INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES |
54 | INCLUDE[$LIBDEFAULT]=.. $COMMON_INCLUDES | |
f844f9eb | 55 | DEFINE[$LIBFIPS]=FIPS_MODULE |
dec95d75 | 56 | |
848af5e8 RL |
57 | # Weak dependencies to provide library order information. What is actually |
58 | # used is determined by non-weak dependencies. | |
59 | DEPEND[$LIBCOMMON]{weak}=../libcrypto | |
dec95d75 | 60 | |
848af5e8 | 61 | # Strong dependencies. This ensures that any time an implementation library |
dec95d75 | 62 | # is used, libcommon gets included as well. |
848af5e8 RL |
63 | # The $LIBFIPS dependency on $LIBCOMMON is extra strong, to mitigate for |
64 | # linking problems because they are interdependent | |
65 | SOURCE[$LIBFIPS]=$LIBCOMMON | |
66 | DEPEND[$LIBLEGACY]=$LIBCOMMON | |
67 | DEPEND[$LIBDEFAULT]=$LIBCOMMON | |
dec95d75 RL |
68 | |
69 | # | |
70 | # Default provider stuff | |
71 | # | |
72 | # Because the default provider is built in, it means that libcrypto must | |
73 | # include all the object files that are needed (we do that indirectly, | |
74 | # by using the appropriate libraries as source). Note that for shared | |
848af5e8 | 75 | # libraries, SOURCEd libraries are considered as if they were specified |
dec95d75 RL |
76 | # with DEPEND. |
77 | $DEFAULTGOAL=../libcrypto | |
848af5e8 | 78 | SOURCE[$DEFAULTGOAL]=$LIBDEFAULT defltprov.c |
68a51d59 | 79 | INCLUDE[$DEFAULTGOAL]=implementations/include |
dec95d75 | 80 | |
dfc0857d P |
81 | # |
82 | # Base provider stuff | |
83 | # | |
848af5e8 RL |
84 | # Because the base provider is built in, it means that libcrypto must |
85 | # include all of the object files that are needed, just like the default | |
86 | # provider. | |
dfc0857d | 87 | $BASEGOAL=../libcrypto |
848af5e8 | 88 | SOURCE[$BASEGOAL]=$LIBDEFAULT baseprov.c |
dfc0857d P |
89 | INCLUDE[$BASEGOAL]=implementations/include |
90 | ||
dec95d75 RL |
91 | # |
92 | # FIPS provider stuff | |
93 | # | |
94 | # We define it this way to ensure that configdata.pm will have all the | |
95 | # necessary information even if we don't build the module. This will allow | |
96 | # us to make all kinds of checks on the source, based on what we specify in | |
97 | # diverse build.info files. libfips.a, fips.so and their sources aren't | |
98 | # built unless the proper LIBS or MODULES statement has been seen, so we | |
99 | # have those and only those within a condition. | |
9efa0ae0 | 100 | IF[{- !$disabled{fips} -}] |
848af5e8 RL |
101 | SUBDIRS=fips |
102 | $FIPSGOAL=fips | |
103 | ||
dec95d75 RL |
104 | # This is the trigger to actually build the FIPS module. Without these |
105 | # statements, the final build file will not have a trace of it. | |
d3ed8080 | 106 | MODULES{fips}=$FIPSGOAL |
dec95d75 | 107 | LIBS{noinst}=$LIBFIPS |
05869bba | 108 | |
848af5e8 RL |
109 | DEPEND[$FIPSGOAL]=$LIBFIPS |
110 | INCLUDE[$FIPSGOAL]=../include | |
111 | DEFINE[$FIPSGOAL]=FIPS_MODULE | |
112 | IF[{- defined $target{shared_defflag} -}] | |
113 | SOURCE[$FIPSGOAL]=fips.ld | |
114 | GENERATE[fips.ld]=../util/providers.num | |
115 | ENDIF | |
116 | ||
05869bba RL |
117 | # For tests that try to use the FIPS module, we need to make a local fips |
118 | # module installation. We have the output go to standard output, because | |
119 | # the generated commands in build templates are expected to catch that, | |
120 | # and thereby keep control over the exact output file location. | |
2395ad80 | 121 | IF[{- !$disabled{tests} -}] |
ce70766c | 122 | DEPEND[|run_tests|]=fipsmodule.cnf |
2395ad80 P |
123 | GENERATE[fipsmodule.cnf]=../apps/openssl fipsinstall \ |
124 | -module providers/$(FIPSMODULENAME) -provider_name fips \ | |
125 | -mac_name HMAC -section_name fips_sect | |
126 | DEPEND[fipsmodule.cnf]=$FIPSGOAL | |
127 | ENDIF | |
9efa0ae0 | 128 | ENDIF |
d0308923 | 129 | |
dec95d75 RL |
130 | # |
131 | # Legacy provider stuff | |
132 | # | |
d0308923 | 133 | IF[{- !$disabled{legacy} -}] |
dec95d75 | 134 | LIBS{noinst}=$LIBLEGACY |
dec95d75 | 135 | |
318e074e | 136 | IF[{- $disabled{module} -}] |
dec95d75 RL |
137 | # Become built in |
138 | # In this case, we need to do the same thing a for the default provider, | |
139 | # and make the liblegacy object files end up in libcrypto. We could also | |
140 | # just say that for the built-in legacy, we put the source directly in | |
141 | # libcrypto instead of going via liblegacy, but that makes writing the | |
142 | # implementation specific build.info files harder to write, so we don't. | |
143 | $LEGACYGOAL=../libcrypto | |
144 | SOURCE[$LEGACYGOAL]=$LIBLEGACY | |
dec95d75 | 145 | DEFINE[$LEGACYGOAL]=STATIC_LEGACY |
318e074e | 146 | ELSE |
dec95d75 RL |
147 | # Become a module |
148 | # In this case, we can work with dependencies | |
149 | $LEGACYGOAL=legacy | |
150 | MODULES=$LEGACYGOAL | |
848af5e8 | 151 | DEPEND[$LEGACYGOAL]=$LIBLEGACY ../libcrypto |
318e074e RL |
152 | IF[{- defined $target{shared_defflag} -}] |
153 | SOURCE[legacy]=legacy.ld | |
154 | GENERATE[legacy.ld]=../util/providers.num | |
155 | ENDIF | |
848af5e8 | 156 | SOURCE[$LIBLEGACY]=prov_running.c |
d0308923 | 157 | ENDIF |
dec95d75 RL |
158 | |
159 | # Common things that are valid no matter what form the Legacy provider | |
160 | # takes. | |
600703f4 | 161 | SOURCE[$LEGACYGOAL]=legacyprov.c |
fdaad3f1 | 162 | INCLUDE[$LEGACYGOAL]=../include implementations/include common/include |
d0308923 | 163 | ENDIF |
7b4344ac P |
164 | |
165 | # | |
166 | # Null provider stuff | |
167 | # | |
168 | # Because the null provider is built in, it means that libcrypto must | |
169 | # include all the object files that are needed. | |
170 | $NULLGOAL=../libcrypto | |
eab7b424 | 171 | SOURCE[$NULLGOAL]=nullprov.c prov_running.c |
7b4344ac | 172 | |
848af5e8 | 173 | SOURCE[$LIBDEFAULT]=prov_running.c |